Wyden Pressing Intel Officials on Domestic Location Tracking
Back in May, during the debates over reauthorization of the Patriot Act, Sens. Ron Wyden (D-OR) and Mark Udall (D-CO) began raising a fuss about a secret interpretation of the law’s so-called “business records” authority, known to wonks as Section 215, arguing that intelligence agencies had twisted the statute to give themselves domestic surveillance powers Congress had not anticipated or intended. At the time, I marshaled a fair amount of circumstantial evidence that, I thought, suggested that the “secret authority” involved location tracking of cell phones. Wyden backed off after being promised a secret hearing to address his concerns—but indicated he’d be returning to the issue if he remained unsatisfied. The hearing occurred early last month. Now I suspect we’re seeing the other shoe dropping.
At a confirmation hearing this morning for Matthew Olsen, who’s been tapped to head the National Counterterrorism Center, Wyden repeatedly asked the nominee whether the intelligence community “use[s] cell site data to track the location of Americans inside the country.” This comes on the heels of a letter Wyden and Udall sent to Director of National Intelligence James Clapper demanding an answer to the same question. Olsen was unsurprisingly vague, calling it a “complicated question” but allowing that there were “certain circumstances where that authority may exist.” The committee was promised a memo explaining those “circumstances” by September. That means that just about ten years after Congress approved the Patriot Act, a handful of legislators may get the privilege of learning what it does. Ah, democracy.
On a related note, one of the data points I cited in my previous post was that Wyden’s Geolocation Privacy and Surveillance Act had, somewhat unusually, been structured primarily as a reform to the Foreign Intelligence Surveillance Act (FISA), which governs intelligence spying, only later incorporating the same protections into the statutes governing ordinary criminal investigations. Especially striking was the inclusion of a specific prohibition on the use of Section 215 for location tracking, above and beyond the general warrant requirement. Since that writing, however, the bill gained Republican co-sponsorship, and dropped the changes to FISA that had previously been the bill’s centerpiece. Instead, the bill now contains an explicit exception for FISA “electronic surveillance,” in addition to the section providing for location tracking authorized by either a criminal or a FISA warrant. I’m not privy to whatever negotiations necessitated that change, but it’s hard to imagine anyone would have insisted on such a substantial restructuring if the intelligence community weren’t doing at least some location tracking pursuant to a lower standard than probable cause.
It’s not entirely clear exactly what the current version of the bill would permit, however. FISA is mentioned twice in the draft: once as part of a vague general exemption for “electronic surveillance,” and then again as one of the sources of authority for a “warrant” to do geolocation tracking. At a first pass, though, those two definitions ought to overlap, because FISA requires a secret intelligence court to issue a warrant based on probable cause (to believe the target is an “agent of a foreign power”) for government monitoring that falls within the FISA’s definition of “electronic surveillance,” in contrast with the far laxer standards that apply to the use of Section 215. It’s therefore an interesting puzzle what, exactly, that exception is meant to permit. Possibly the idea is to permit the (otherwise prohibited) “use” and “disclosure” of geolocation information already obtained without a warrant in order to target future judicially authorized “electronic surveillance,” but it’s hard to be sure. What does seem increasingly sure, however, is that location tracking is connected to the controversy over Section 215—and that Congress owes the American people a debate over the proper use and scope of that power, which it has thus far refused to have.
No Time to Debate Patriot
Back in February, Democratic leader Harry Reid promised fellow senator Rand Paul that—after years of kicking the can down the road—there would be at least a week reserved for full and open debate over three controversial provisions of the Patriot Act slated to expire this weekend, with an opportunity to propose reforms and offer amendments to any reauthorization bill. And since, as we know, politicians always keep their promises, we can look forward to a robust and enlightening discussion of how to modify the Patriot Act to better safeguard civil liberties without sacrificing our counterterror capabilities.
Ha! No, I’m joking, of course. Having already cut the legs out from under his own party’s reformers by making a deal with GOP leaders for a four-year extension without reform, Reid used some clever procedural maneuvering to circumvent Rand Paul’s pledged obstruction, slipping the Patriot extension into an unrelated small-business bill that’s privileged against filibusters. All this just to prevent any debate on amendments—the most prominent of which, the Leahy-Paul amendment, is frankly so mild that it ought to be uncontroversial. (Among other things, it modifies some portions of the statute already found constitutionally defective by the courts, and codifies some recordkeeping and data use guidelines the Justice Department has already agreed to implement voluntarily.) Apparently it’s too much to even allow these proposals to be debated and voted on.
One reason may be that a growing number of senators—most recently Ron Wyden and Mark Udall—have been raising concerns about a classified “sensitive collection program” that makes use of the sunsetting “business records provision,” also known as Section 215. They’ve joined Dick Durbin and (former Senator) Russ Feingold in hinting that there may be abuses linked to this program the public is unaware of, and that, moreover, the secret Foreign Intelligence Surveillance Court has interpreted this provision (in a classified ruling, of course) in a way that the general public would find surprising, and which goes beyond the law’s apparent intent. Intelligence operations, of course, must remain secret, but this means we are now governed by a body of secret law, potentially at odds with citizens’ understanding of the public statute—with the result that we cannot even know the true reason that common sense reforms, once endorsed unanimously by the Senate Judiciary Committee, cannot be adopted. This is—to put it very mildly—not how a democracy is supposed to function. Equally troubling, there’s strong circumstantial evidence (which I’ll outline in a separate post) that the program in question may involve large-scale cell phone location tracking and data mining—a conclusion shared by several other analysts who’ve followed the issue closely.
The one silver lining here is that, while press may not have the patience for a complicated policy debate involving byzantine intelligence law—especially now that many Democrats have decided that powers which raised the specter of tyranny under George W. Bush are unobjectionable under an Obama administration—they are always happy to cover a legislative boxing match. Perhaps, thanks to Sen. Paul’s intransigence, we’ll finally see a little sunlight shed on these potent and secret surveillance powers.
Julian Sanchez Talks Online Privacy on Monday, March 28 at 1pm ET on Facebook
Please join us this coming Monday, March 28 at 1pm Eastern on our Facebook page for a live video presentation, powered by Livestream, from Cato research fellow Julian Sanchez on the current state of online privacy policy.
Here is a brief list of topics he’ll cover:
- An update on current challenges to overturn FISA, and what it means for you and me if those challenges succeed or fail
- How this relates to current and recent efforts to reauthorize the Patriot Act, including a recap of testimony Sanchez recently delivered to the U.S. Senate Subcommittee on Crime, Terrorism, and Homeland Security
- What’s on the FBI’s surveillance wish list
- Reflections on the idea of an “online privacy bill of rights“
We hope you can join us next Monday at 1pm Eastern for this event. Be sure to log in to Livestream with your Facebook account so you can chat with each other and submit questions–we’ll try to take as many as we can.
Not a fan of the Cato Institute yet? Join us below:
How Many 215 Orders?
There was an interesting exchange during a Senate Intelligence Committee hearing yesterday concerning the use of the Patriot Act’s §215 orders for business records and other tangible things. FBI Director Robert Mueller hinted that the orders may have been used to track purchases of hydrogen peroxide purchases in the investigation of aspiring bomber Najibullah Zazi, while Sen. Ron Wyden (D-Oreg.) asserted that there is “a huge gap today between how you all are interpreting the PATRIOT Act and what the American people think the PATRIOT Act is all about and it’s going to need to be resolved.”
Let’s leave our curiosity about that by the wayside for the moment, though. I’m curious about one simple empirical claim Mueller made in his testimony: That the provision has been used over 380 times since 2001. I assume he’d know, but that seems inconsistent with what’s been publicly reported to date. It’s worth noting that there are actually minor discrepancies between the numbers provided in Congressional Research Service reports, audits from the Office of the Inspector General, and the Justice Department’s annual reports to Congress. But there are plenty of legitimate reasons these numbers might vary depending on how you count, and the total variance is a difference of about 17 orders total over the years.
We know from those Inspector General reports that the majority of those 215 orders issued were “combination” orders issued in tandem with another type of surveillance order called a “pen register” so that investigators could get subscriber information about the people whose communications patterns they were tracking. When Congress amended the Patriot Act in 2006, it built that authority right into the pen register statute, making it unnecessary to seek those “combination” orders. Prior to the amendment, the government got 173 of those “combination” orders. “Pure” 215 orders, which are now the only type needed, have been used much more sparingly. None were issued at all until 2004, and from 2004 through 2009 (depending on whose tally you want to use) there were between 75 and 92 orders issued (for an average of 12–15 annually since 2004). Throw in the combination orders and the upper-bound number through the end of 2009 is 265 orders.
Why the Senate’s Vote on the Patriot Act Is Actually Pretty Good News
Last night, By an overwhelming 86-to-12 margin, the Senate approved a temporary 90-day extension of three controversial provisions of the Patriot Act scheduled to sunset at the end of the month. The House just voted to move forward on a parallel extension bill, which will presumably pass easily. Because I’m seeing some civil libertarian folks online reacting with dismay to this development, I think it’s worth clarifying that this is relatively good news when you reflect on the outlook from just a couple of weeks ago.
The House has already approved a one-year extension that would plant the next reauthorization vote on the right eve of primary season in a Presidential election cycle, all but guaranteeing a round of empty demagoguery followed by another punt. As of last week, everyone expected the Senate to bring Sen. Dianne Feinstein’s three year reauthorization—which also extends the odious FISA Amendments Act of 2008—to the floor. The discussion on the Senate floor last night makes it clear that this didn’t happen because of pushback from legislators who were sick of kicking the can and wanted time to hold hearings on substantive reforms.
This is actually a better outcome than simply letting the three sunsetting powers lapse—which, realistically, was not going to happen anyway. First, because at least one of the expiring authorities, roving wiretaps, is a legitimate tool that ought to be available to intelligence investigators if it’s amended to eliminate the so-called “John Doe” loophole. Second, because while all three of these provisions have serious defects that raise legitimate concerns about the potential for abuse, they are collectively small beer compared with National Security Letters, which have already given rise to serious, widespread, and well documented abuses. One of the three sunsetting powers has never been used, and the other two are invoked a couple dozen times per year. All three involve court supervision. The FBI issues tens of thousands of National Security Letter requests each year, the majority targeting American citizens and legal residents, without any advance court approval. The vast majority of the thousands of Americans whose financial and telecommunications records are seized each year are almost certainly innocent of any wrongdoing, but their information is nevertheless retained indefinitely in government databases. With very few exceptions, these people will never learn that the government has been monitoring their financial transactions or communication patterns. Forcing a debate now on the expiring provisions opens a window for consideration of proposals to rein in NSLs—including a new sunset that would create pressure for continued scrutiny.
A new Pew poll released this week reports that Americans remain fairly evenly split on the question of whether the Patriot Act is “a necessary tool that helps the government find terrorists” or “goes too far and poses a threat to civil liberties.” (Perhaps unsurprisingly, with the change of administration, Democrats have become more supportive and Republicans somewhat more skeptical.) But this is actually a signally unhelpful way to frame debate about legislation encompassing hundreds of reforms to the byzantine statutory framework governing American intelligence investigations—more a toolbox than a “tool.” The question shouldn’t be whether you’re “for” or “against” it, but whether there are ways to narrow and focus particular authorities so that legitimate investigations can proceed without sweeping in so much information about innocent people. A three-month extension signals that Congress is finally, belatedly, ready to start having that conversation.
The Heritage Foundation on the Patriot Act
If you wonder why House Republicans were so keen on ramming through an extension of the Patriot Act without hearings or debate, take a gander at the Heritage Foundation’s blog post and Web memo on the topic. I want to run through the latter in some detail, because I think it’s telling just how poorly the case against reform stands up to scrutiny in the rare instances when the law’s defenders feel obliged to make an argument more sustained than “Boo! Terrorists!”
Here’s how they begin:
With at least 36 known plots foiled since 9/11, the United States continues to face a serious threat of terrorism. As such, national security investigators continue to need these authorities to track down terror leads and dismantle plots before the public is in any danger. These three amendments—which have been extensively modified over the years by Congress and now include significant new safeguards, including substantial court oversight—are vital to this success.
I’ve debated co-author Jena McNeil Baker on Patriot a few times, and she invariably leads off with a running tally of foiled terror plots. I’m not sure exactly which cases make her current list, but in the past she’s cited yahoos like the Lackawanna Six, who don’t appear to have had any actual plot to dismantle, and since our last exchange the FBI has augmented the count via its innovative strategy of planning terror attacks for itself to foil.
But let’s all agree the terror threat is real and serious even without this sort of inflation. What evidence do the authors have that any of the three expiring authorities were “vital” in any of those cases? There just isn’t any. Even if it were true, the authors would have no basis in the public record for the assertion. The evidence we do have, however, suggests just the opposite. Lone Wolf has never been used, so it certainly wasn’t vital. FISA roving authority has been granted an average of 22 times per year since Patriot, and in many of those cases, investigators found they didn’t end up needing to use it. And none of the reports I can recall reading on apprehended wannabe-terrorists suggested that they were practicing sophisticated countersurveillance tactics. The Office of the Inspector General couldn’t find any major case developments attributable to 215 business record orders, which also don’t seem to be used that frequently.
If one of the sunsetting powers had played an important role in disrupting a concrete plot or attack, though, you’d think Justice Department officials would have every incentive to say so loudly and unambiguously, even if they couldn’t get into operational specifics. While these facts are suggestive, of course, I can’t say with certainty that the two powers that have actually been used definitely didn’t play a vital role in any of those (let’s be generous) 36 cases. It would be more convenient if I could say so, but I’m at something of a disadvantage here: In the absence of evidence, I lack the panache needed to make whatever sweeping assertions would help my position. I can only say that all the evidence we do have cuts against that bold claim.
We move to roving wiretaps, which we’re told are a “garden variety” surveillance tool used “routinely” in criminal investigations. The authors seem to be operating with highly idiosyncratic definitions of those terms: In 2009, there were 2,376 wiretap warrants issued for criminal investigations, of which 16 were roving. But routine or not, pretty much everyone in fact agrees that roving authority should be available for intelligence investigations. Astonishingly, the Heritage memo never even mentions the actual issue civil libertarians have with this provision: that unlike the parallel criminal authority, it permits roving warrants that don’t name an individual target. So the authors spend five paragraphs mounting an irrelevant defense of a power nobody contests in principle, but never informs their readers about the real point of controversy, let alone argue for the asymmetry.
Patriot Reauthorization Vote Fails… Now What?
First, the good news: Last night, civil libertarians had a rare excuse to pop champagne when an effort to fast-track a one-year reauthorization of three controversial Patriot Act provisions–set to expire at the end of the month–failed in the House of Representatives. As Slate‘s Dave Weigel notes, the vote had been seen as such a sure thing that Politico headlined its story on the pending vote “Congress set to pass Patriot Act extension.” Around this time last year, a similar extension won House approval by a lopsided 315-97 vote.
Now the reality check: The large majority of representatives also voted for reauthorization last night: 277 for, 148 against. The vote failed only because GOP leadership had sought to ram the bill through under a “suspension of the rules”–a streamlined process generally used for the most uncontroversial bills, limiting debate and barring the introduction of amendments–which required a two-thirds majority for passage. Given last week’s developments in the Senate, it’s still a near certainty that the expiring provisions will be extended again before the end of the month. In fact, there’s a Rules Committee meeting today to get the bill back on the House floor. Also, while the defection of 26 Republicans who voted against reauthorization is the first real pushback against leadership we’ve seen since the GOP took the House, some of the talk that’s circulated about a Tea Party backlash against the surveillance state seems premature. As Weigel notes, just eight of the 26 Republican “no” votes were incoming freshmen, and many representatives prominently associated with the Tea Party were on the other side. Some of the resistance seems to have been generated by the fast-track approach, as there haven’t been any hearings or mark-ups on Patriot legislation.
That said, the tide does seem to be shifting somewhat. The failure of the fast-track vote means that we may see the reauthorization introduced under rules that would allow amendments aimed at remedying the civil liberties problems with the three expiring provisions, or with the still more controversial Patriot expansion of National Security Letter authority, which under current law does not expire. For those just tuning in, the sunsetting Patriot provisions are:
Lone Wolf
So-called “lone wolf” authority allows non-citizens in the U.S. who are suspected of involvement in terrorist activities to be monitored under the broad powers afforded by the Foreign Intelligence Surveillance Act (FISA), even if they are not connected to any overseas terror group or other “foreign power.” It was passed after FBI claimed the absence of “lone wolf” authority stymied efforts to monitor the infamous “20th 9/11 Hijacker”–but a bipartisan Senate report found that this failure was actually the result of a series of gross errors by the FBI, not any gap in government surveillance powers. Moreover, Lone Wolf blurs the traditional–and constitutionally significant–distinction between foreign intelligence, where the executive enjoys greater latitude, and domestic national security investigations. The way the statute is written, Lone Wolf authority is only available in circumstances where investigators would already be able to obtain a criminal terrorism wiretap. Given of the sweeping nature of FISA surveillance, that more narrow criminal surveillance authority should be employed when the special needs imposed by the involvement of a “foreign power” are not present.
‘Geolocation’? ‘Geotagging’? What is This Stuff?
If the Army is educating recruits about “geolocation,” maybe you should know about it too. In fact, the U.S. Army primer entitled “Geotags and Location-Based Social Networking” is a pretty good basic resource. Check it out.
Understand this: Your mobile phone sends out signals to cell towers, creating records of where you go throughout your day. If it is enabled with GPS, it can produce even more precise location information.
Law enforcement and intelligence agencies are rushing to exploit the potential of geolocation data, acquiring details of people’s movements and activities that once required costly, 24/7 surveillance. Uses of these data range from tracking fugitives, to reconstructing suspects’ travels, to analyzing the movements of whole populations in search of “suspicious” behavior patterns.
Senator Ron Wyden (D-OR) is drafting legislation to set standards for government access to geolocation data under both criminal law and the Foreign Intelligence Surveillance Act. On Wednesday, January 26th, Cato will host him at an event we’ve titled “Location-Tracking Technology and Privacy.”
We’ll ask you to silence your cell phone when the program starts. You might consider turning it off on the way here…
FISA Applications Are Down, but Is Surveillance?
The invaluable Main Justice blog notes that we’ve just gotten our annual dribble of information from the Foreign Intelligence Surveillance Court, showing that the number of surveillance applications sought and approved by the court dropped for a second consecutive year, to their lowest level since 2002. Applications fell to 1,376—down from 2007′s record high of 2,370.
So does that mean there’s less FISA surveillance going on? Nope—according to an anonymous source at the Justice Department, you can’t infer much from the raw numbers, especially given the passage of the FISA Amendments Act of 2008, which empowered the executive branch to authorize broad programs of surveillance with slight court oversight:
“The number of Foreign Intelligence Surveillance Act applications submitted to the Foreign Intelligence Surveillance Court decreased in 2008 and again in 2009 due to significant changes in the legal authorities that govern FISA surveillance — specifically, the enactment of the FISA Amendments Act in 2008 — and shifting operational demands, but the fluctuation in the number of applications does not in any way reflect a change in coverage,” the official said.
I note with some disappointment that the normally astute folks at Main Justice repeat the canard that the FISA Amendments Act were a response to a 2007 court ruling that “surveillance of purely foreign communications that pass through a U.S. communications node was illegal without a warrant.” Boosters of broader executive power trumpeted that line, but as we learned in 2008, the court’s limitations were really centrally about certain kinds of e-mail traffic; it has never been the case that purely foreign communications in general required a warrant if they passed through the U.S.—and indeed, nobody reading the plain text of the FISA law could possibly believe that to be the case.
In any event, as I suggested recently when last year’s criminal wiretap figures were released, this is one more reason to suspect that current reporting requirements amount to so much oversight theater—giving us the illusion that we have some understanding of the real scope of electronic surveillance, while providing (at best) a spotty and incomplete picture.
Your Year in Wiretaps
The 2009 Wiretap Report has just been released by the Administrative Office of the U.S. Courts. The headline findings: 2,376 wiretaps were authorized for criminal investigations last year, of which 663 were federal and 1,713 were issued at the state level. (NB: These numbers don’t include Foreign Intelligence Surveillance Act wiretaps, “pen register” requests for communications metadata, or orders to acquire stored e-mails sitting on a server.) The vast majority of wiretaps—86 percent—were part of the drug war, with the average wiretap bill running about $52,200.
In line with recent years, only about 19 percent of intercepted communications contained anything incriminating. As you can see by eyeballing the chart, the 2009 numbers reflect a sharp 70 percent increase in federal taps over the previous year, but only because 2008 was a decade low-point. Though the number is still relatively high, criminal federal wiretap warrants were long ago eclipsed by broader and more secretive intelligence wiretaps under FISA—of which there were 2,082 in 2008.
Since drug dealers seldom have fixed offices, it probably won’t come as any surprise that 96 percent of the orders targeted mobile devices. Since a full wiretap order also permits the acquisition of the highly detailed GPS information phones can provide, it would be nice to know how many of these orders involve the use of a cell phone as a mobile tracking device. There’s a campaign underway to update our grossly outdated surveillance laws, and better reporting on this relatively novel form of surveillance should be part of a larger geotracking reform providing a single process and a single clear standard for seeking such information, rather than the patchwork of warrants and other sorts of court orders currently employed.
As another data point for the need to reform federal surveillance law, only four of last year’s orders involved any kind of “electronic communication,” as opposed to traditional voice communications. Does that mean law enforcement agencies are just ignoring the Internet? Of course not. But current law, perversely, establishes a much higher standard for the interception of “live” communications in transit over the network than for e-mails that have landed on a user’s server. As soon as you open that e-mail, the level of protection it’s afforded by statute is radically diminished, and the constitutional protections given to stored emails are still embarrassingly unclear, at least as far as the courts are concerned.
The irony here is that the outdated federal surveillance laws actually leave us hard pressed to accurately gauge how badly they’re outdated. The primary problem is that the crazy-quilt of statutes and standards doesn’t map the way people actually communicate today, or line up with their real-world expectations of privacy in those communications. But the secondary problem is that the reporting requirements don’t line up either. I’m probably a little abnormal here, but I communicate via e-mail, Twitter, or IM vastly more than I talk on the telephone. I send dozens of e-mails on an average day (many from a GPS-enabled phone), but I doubt I average more than one actual voice phone call per week. There are, of course, many reasons to expect criminals to prefer the ephemeral nature of voice communication, but the disconnect still ought to be worrying. The numbers in the Wiretap Report make us feel as though we have a handle on the scope of government surveillance, when in fact we probably don’t have a very clear picture at all.
How Much Government Snooping? Google It Up!
The secrecy surrounding government surveillance is a constant source of frustration to privacy activists and scholars: It’s hard to have a serious discussion about policy when it’s like pulling teeth to get the most elementary statistics about the scope of state information gathering, let alone any more detailed information. Even when reporting is statutorily required, government agencies tend to drag their heels making statistics available to Congress — and it can take even longer to make the information more widely accessible. Phone and Internet companies, even when they join the fight against excessive demands for information, are typically just as reluctant to talk publicly about just how much of their customers’ information they’re required to disclose. That’s why I’m so pleased at the news that Google has launched their Government Requests transparency tool. It shows a global map on which users can see how many governmental demands for user information or content removal have been made to Google’s ever-growing empire of sites — now including Blogger, YouTube, and Gmail — starting with the last six months.
So far, the information up there is both somewhat limited and lacking context. For instance, it might seem odd that Brazil tops the list of governmental information hounds until you bear in mind that Google’s Orkut social network, while little-used by Americans, is the Brazilian equivalent of Facebook.
There are also huge gaps in the data: The United States comes in second with 3,580 requests from law enforcement at all levels, but that doesn’t include intelligence requests, so National Security Letters (tens of thousands of which are issued every year) and FISA warrants or “metadata” orders (which dwarf ordinary federal wiretaps in number) aren’t part of the tally. And since China considers all such government information requests to be state secrets — whether for criminal or intelligence investigations — no data from the People’s Republic is included.
Neither is there any detail about the requests they have counted — how many are demands for basic subscriber information, how many for communications metadata, and how many for actual e-mail or chat contents. The data on censorship is similarly limited: They’re counting governmental but not civil requests, such as takedown notices under the Digital Millennium Copyright Act.
For all those limits — and the company will be striving to provide some more detail, within the limits of the law — this is a great step toward bringing vital transparency to the shadowy world of government surveillance, and some nourishment to the data-starved wretches who seek to study it. We cannot have a meaningful conversation about whether censorship or invasion of privacy in the name of security have gone too far if we do not know, at a minimum, what the government is doing. So, for a bit of perspective, we know that U.S. courts reported a combined total of 1,793 (criminal, not intel) wiretaps sought by both federal and state authorities. Almost none of these (less than 1 percent) were for electronic interception.
This may sound surprising, unless you keep in mind that federal law establishes a very high standard for the “live” interception of communications over a wire, but makes it substantially easier — under some circumstances rather terrifyingly easy — to get stored communications records. So there’s very little reason for police to jump through all the hoops imposed on wiretap orders when they want to read a target’s e-mails.
If and when Google were to break down that information about requests — to show how many were “full content” as opposed to metadata requests — we would begin to have a far more accurate picture of the true scope of governmental spying. Should other major players like Yahoo and Facebook be inspired to follow Google’s admirable lead here, it would be better still. Already, though, that one data point from a single company — showing more than twice as many data requests as the total number of phone wiretaps reported for the entire country — suggests that there is vastly more actual surveillance going on than one might infer from official wiretap numbers.
The Latest ‘Intelligence Gap’
Stop me if you think you’ve heard this one before. The Washington Post reports that the National Security Agency has halted domestic collection of some type of communications metadata—the details are predictably fuzzy, though I’ve got a guess—in order to allay the concerns of the secret FISA Court that the NSA’s activity might not be technically permissible under the Foreign Intelligence Surveillance Act. Naturally, there’s the requisite quote from the anonymous concerned intel official:
“This is a basic tool we used to have, and it’s now gone,” said one intelligence official familiar with the impasse. “Every day, every week that goes by, there’s just one more week of information that we’re not collecting. You sit there and say, ‘This is unbelievable that we have this gap.’”
I want to take claims like these with due gravity, but I can’t anymore. Because we’ve heard them again and again over the past decade, and they’ve proven to be bogus every time. We were told that the civil liberties restrictions built into pre-9/11 surveillance law kept the FBI from searching “20th hijacker” Zacarias Moussaoui’s laptop—but a bipartisan Senate panel found it wasn’t true. We were told limits on National Security Letters were FBI delaying agents seeking vital records in their investigations—but the delay turned out to have been manufactured by the FBI itself. Most recently, we were warned that the FISA Court had somehow imposed a requirement that a warrant be obtained in order to intercept purely foreign telephone calls that were traveling through U.S. wires. Anyone who understood the FISA law realized that this couldn’t possibly be right—and as Justice Department officials finally admitted under pressure, that wasn’t true either. But this time there’s a really real for serious “intelligence gap” and we’ll all be blown up by scary terrorists any minute if it’s not fixed? Pull the other one.
That said, Republicans are claiming the problem requires a mere “technical fix” to FISA, so we should at least be able to get a rough sense of what the issue is, if Congress actually decides to act. Democrats, by contrast, appear to think NSA can “address the court’s concerns without resorting to legislation.” The word “resort” here seems depressingly apt: They’ll ask for a legislative tweak if there’s absolutely no way to shoehorn what they want to do into the statute through clever lawyering in an ex parte proceeding in front of a highly deferential court, but it’s a last resort.
As for what the problem might be, I can think of a couple of possibilities off the top of my head. A few years back, the FISA pen register provision was amended to effectively build into the legal order for a standard pen register, which records data about calls or e-mails made and received, language mirroring a legal demand for subscriber records known as a 2703(d) order in the criminal context. Law enforcement routinely uses that combination of a 2703(d) plus a pen register to get location tracking information for cell phones. But the evidentiary standard for getting a 2703(d) order is (very) slightly higher than the standard for a pen register alone, and federal law prohibits the use of a pen register alone to gather location data. So there might be a question about whether FISA pen registers alone can be used for cell phone location tracking purposes.
Alternatively, given that Internet communications aren’t just “metadata” and “content” but rather a whole series of layers containing different types of information, there could be a question about just how far down “metadata” goes. This might be especially tricky for protocols where quite a lot of information about the content of the communication—which is supposed to require a full probable cause warrant—can be gleaned from sophisticated analysis of the size and timing of packets in the stream.
These are, of course, blind guesses. What’s disturbing is how much blind guessing the FISA court itself may be doing. The new hiatus, the Post tells us via an anonymous source, came about when the FISA Court “got a little bit more of an understanding”of what the NSA was up to. Their enhanced understanding concerns data that NSA has been getting with the court’s approval for “several years,” according to the Post. And there you have the real “intelligence gap” in modern surveillance: We have a Court going through a pantomime of oversight over thousands of highly technologically sophisticated interception programs, but it may take a few years for them to really understand what they’ve been signing off on.
We’ll understand still less about the rationale for any “technical fix” to FISA that Congress might approve, if they deign to go that route. But we’ll be reassured that it’s very important, necessary to keep us safe from the terrorist hordes, and nothing worth bothering our pretty heads about.
Cato on Facebook
Cato on Twitter
Cato on Google+
Cato on YouTube
